Description

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Remediation

References

CVE-2005-4703

Related Vulnerabilities

Drupal Core 9.0.x Multiple Security Bypass Vulnerabilities (9.0.0 - 9.0.14)

WordPress Plugin IBS Mappro Arbitrary File Download (0.6)

WordPress Plugin The Events Calendar Countdown Addon Security Bypass (1.3.1)

WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1240)

Severity

Medium

Classification

CVE-2005-4703

Tags

Missing Update Known Vulnerabilities